-
Notifications
You must be signed in to change notification settings - Fork 10
/
whitelist.moon
111 lines (98 loc) · 2.01 KB
/
whitelist.moon
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
url_value = (value) ->
value and (value\match("^https?://") or value\match("^//")) and true
mailto_value = (value) -> value and value\match("^mailto:") and true
-- Adapted from https://github.com/rgrove/sanitize/blob/master/lib/sanitize/config/basic.rb
tags = {
{ -- any tag
title: true, dir: true, lang: true
}
a: {
href: (...) -> url_value(...) or mailto_value(...)
name: true
}
abbr: { title: true }
b: true
blockquote: { cite: true }
br: true
cite: true
code: true
dd: true
dfn: { title: true }
div: true
dl: true
dt: true
em: true
h1: true
h2: true
h3: true
h4: true
h5: true
h6: true
hr: true
i: true
img: {
align: true
alt: true
height: true
src: url_value
width: true
}
kbd: true
li: true
mark: true
ol: true
p: true
pre: true
q: { cite: true }
s: true
samp: true
small: true
span: true
strike: true
strong: true
sub: true
sup: true
table: { summary: true, width: true}
thead: true
tbody: true
tfoot: true
tr: true
td: { colspan: true, rowspan: true, width: true }
th: { colspan: true, rowspan: true, width: true }
time: { datetime: true, pubdate: true }
u: true
ul: true
var: true
}
set_default = (tags) ->
default = tags[1]
return unless default
mt = { __index: default }
for k,v in pairs(tags)
continue unless type(k) == "string"
if type(v) == "table"
setmetatable v, mt
else
tags[k] = setmetatable {}, mt
set_default tags
add_attributes = {
a: {
rel: "nofollow"
}
}
-- tags that are allowed to use the `/>` self closing syntax, and don't need
-- to be automatically closed. Note: if the tag isn't in the whitelist,
-- then being here will have no effect
self_closing = {
br: true, img: true, hr: true, input: true, source: true
link: true, meta: true, param: true
}
clone = (t) ->
return t unless type(t) == "table"
{k, clone v for k, v in pairs t}
{
:tags, :add_attributes, :self_closing
clone: =>
with clone @
set_default .tags
}